[Buildroot] [PATCH 1/1] package/libfreeglut: add upstream security fix for CVE-2024-2425{8, 9}
Arnout Vandecappelle
arnout at rnout.be
Wed Apr 16 21:25:27 UTC 2025
On 19/02/2025 21:42, Raphaël Mélotte via buildroot wrote:
> Fixes the following security issues:
>
> - CVE-2024-24258: freeglut 3.4.0 was discovered to contain a memory leak
> via the menuEntry variable in the glutAddSubMenu function.
> - CVE-2024-24259: freeglut through 3.4.0 was discovered to contain a
> memory leak via the menuEntry variable in the glutAddMenuEntry
> function.
>
> https://nvd.nist.gov/vuln/detail/CVE-2024-24258
> https://nvd.nist.gov/vuln/detail/CVE-2024-24259
>
> The CVEs are not technically reported for the libfreeglut package
> itself (which doesn't have a CPE identifier) but for mupdf.
>
> Note that mupdf provides its own (old) version of freeglut, but our
> mupdf package uses the Buildroot-provided freeglut (which now contains
> the fix).
>
> It also has to be noted that a more recent release of libfreeglut
> exists upstream, and it fixes the same CVEs. Bumping our package
> version however requires more work that can be done separately.
> Including this patch first also has the advantage that it can easily
> be backported wherever it's needed.
>
> Signed-off-by: Raphaël Mélotte <raphael.melotte at mind.be>
Applied to 2025.02.x, 2024.11.x and 2024.02.x, thanks.
Regards,
Arnout
> ---
> ...-memory-leak-that-happens-upon-error.patch | 54 +++++++++++++++++++
> package/mupdf/mupdf.mk | 5 ++
> 2 files changed, 59 insertions(+)
> create mode 100644 package/libfreeglut/0001-Plug-memory-leak-that-happens-upon-error.patch
>
> diff --git a/package/libfreeglut/0001-Plug-memory-leak-that-happens-upon-error.patch b/package/libfreeglut/0001-Plug-memory-leak-that-happens-upon-error.patch
> new file mode 100644
> index 0000000000..d09e9befb3
> --- /dev/null
> +++ b/package/libfreeglut/0001-Plug-memory-leak-that-happens-upon-error.patch
> @@ -0,0 +1,54 @@
> +From 9ad320c1ad1a25558998ddfe47674511567fec57 Mon Sep 17 00:00:00 2001
> +From: Sebastian Rasmussen <sebras at gmail.com>
> +Date: Mon, 12 Feb 2024 14:46:22 +0800
> +Subject: [PATCH] Plug memory leak that happens upon error.
> +
> +If fgStructure.CurrentMenu is set when glutAddMenuEntry() or
> +glutAddSubMenu() is called the allocated menuEntry variable will
> +leak. This commit postpones allocating menuEntry until after the
> +error checks, thereby plugging the memory leak.
> +
> +This fixes CVE-2024-24258 and CVE-2024-24259.
> +Upstream: https://github.com/freeglut/freeglut/commit/9ad320c1ad1a25558998ddfe47674511567fec57
> +Signed-off-by: Raphaël Mélotte <raphael.melotte at mind.be>
> +---
> + src/fg_menu.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/fg_menu.c b/src/fg_menu.c
> +index 53112dc2..0da88901 100644
> +--- a/src/fg_menu.c
> ++++ b/src/fg_menu.c
> +@@ -864,12 +864,12 @@ void FGAPIENTRY glutAddMenuEntry( const char* label, int value )
> + {
> + SFG_MenuEntry* menuEntry;
> + FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddMenuEntry" );
> +- menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
> +
> + freeglut_return_if_fail( fgStructure.CurrentMenu );
> + if (fgState.ActiveMenus)
> + fgError("Menu manipulation not allowed while menus in use.");
> +
> ++ menuEntry = (SFG_MenuEntry *)calloc( sizeof(SFG_MenuEntry), 1 );
> + menuEntry->Text = strdup( label );
> + menuEntry->ID = value;
> +
> +@@ -888,7 +888,6 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
> + SFG_Menu *subMenu;
> +
> + FREEGLUT_EXIT_IF_NOT_INITIALISED ( "glutAddSubMenu" );
> +- menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
> + subMenu = fgMenuByID( subMenuID );
> +
> + freeglut_return_if_fail( fgStructure.CurrentMenu );
> +@@ -897,6 +896,7 @@ void FGAPIENTRY glutAddSubMenu( const char *label, int subMenuID )
> +
> + freeglut_return_if_fail( subMenu );
> +
> ++ menuEntry = ( SFG_MenuEntry * )calloc( sizeof( SFG_MenuEntry ), 1 );
> + menuEntry->Text = strdup( label );
> + menuEntry->SubMenu = subMenu;
> + menuEntry->ID = -1;
> +--
> +2.48.1
> +
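Review bot: In both fg_menu.c hunks of the embedded patch, the relocated calloc() result is dereferenced on the very next line (menuEntry->Text = strdup( label );) without a NULL check, and the strdup() result is not checked either, so an allocation failure turns into a write through a NULL pointer. Since this file is a backport of upstream commit 9ad320c1ad1a25558998ddfe47674511567fec57 it should stay byte-identical to upstream, so the check is better proposed there than added here. Separately, the embedded commit message says the leak happens "if fgStructure.CurrentMenu is set", while the early return shown is freeglut_return_if_fail( fgStructure.CurrentMenu ), which returns when it is not set; the Buildroot commit log could state the condition correctly.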
> diff --git a/package/mupdf/mupdf.mk b/package/mupdf/mupdf.mk
> index 9eecb84232..d2829d8b71 100644
> --- a/package/mupdf/mupdf.mk
> +++ b/package/mupdf/mupdf.mk
> @@ -21,6 +21,11 @@ MUPDF_DEPENDENCIES = \
> lcms2 openjpeg \
> zlib
>
> +# libfreeglut/0001-Plug-memory-leak-that-happens-upon-error.patch
> +MUPDF_IGNORE_CVES = \
> + CVE-2024-24258 \
> + CVE-2024-24259
> +
> # mupdf doesn't use CFLAGS and LIBS but XCFLAGS and XLIBS instead.
> # with USE_SYSTEM_LIBS it will try to use system libraries instead of the bundled ones.
> MUPDF_MAKE_ENV = $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \
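Review bot: The comment above MUPDF_IGNORE_CVES gives only the libfreeglut patch file name, so it does not record why ignoring these two CVEs is correct for mupdf. The ignore is valid only while mupdf is built against the Buildroot libfreeglut rather than its bundled copy, and the file reference goes stale as soon as libfreeglut is bumped and the patch is dropped. Suggest a comment that states the reason, for example that the CVEs are fixed in libfreeglut and mupdf uses the system copy through USE_SYSTEM_LIBS, and confirming that libfreeglut is in MUPDF_DEPENDENCIES, which is not visible in this hunk's context.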